Two researchers have uncovered a secret file on iPhones that keeps a record of where the phone has been and when it was there — a file that is unencrypted and stored by default.

A sample map built using the program

The security experts, Alasdair Allan and Pete Warden, created a program that lets you see just what your phone knows of your whereabouts — and it’s a creepy sight. There’s no evidence that the file is transferred to Apple, but the maps produced by the program show details stretching back months.

“Ever since iOS 4 arrived, your device has been storing a long list of locations and time stamps,” said Mr. Allan, a technology author, in a post on the website of technology publisher O’Reilly. He and Mr. Warden, a former Apple employee, are presenting their findings Wednesday at the Where 2.0 conference put on by the publisher. The Guardian newspaper also has reported on their discovery.

Apple did not immediately respond to a request for comment.

This kind of cellphone tracking will come as no surprise to Wall Street Journal readers, of course. Back in December, a Journal investigation revealed that many of the most popular smartphone applications go further than this. An examination of 101 apps showed that 56 sent the phones unique device ID to other companies without users’ awareness or consent, and 47 sent location information. Companies receiving such data included Apple and Google Inc., as well as advertising networks.

Sen. Al Franken (D., Minn.), who has helped lead a push in Congress to investigate Internet-privacy issues, sent a letter Wednesday to Apple Chief Executive Officer Steve Jobs about the researchers’ report. “The existence of this information — stored in an unencrypted format — raises serious privacy concerns,” he wrote. Sen. Franken ends his letter with a series of questions about the matter, including whether Apple has disclosed the data gathered to anyone.

The research revealed today looks not at specific applications but at data collected during general use.

The researchers say the database is restored each time you back up your phone, and even if you switch to a new device. Any iPhone running the latest version of Apple Inc.’s iOS operating system, as well as any iPad 3G running that software, has the database on it, they say. The file is transferred to any computer synced to the phone or tablet, and it can be easily found by someone with access to one of those computers or the device itself.

When trying out the program, all we’ve learned here at Digits is that we spend an embarrassing amount of time at the office. It seems unlikely that anyone would want to get into our data.

But suppose we weren’t so lucky and, say, had a jealous spouse or were drawing the scrutiny of the government. There’s a pretty detailed map of everywhere we’ve been, collected without our knowledge and sitting there, unencrypted.

Why would this data be recorded in the first place? Given that it started with iOS 4 — which also heralded the launch of Apple’s iAd platform — it’s possible that it has something to do with location-based advertising.

Messrs. Allan and Warden said they haven’t seen the database get transferred to Apple, but Apple has previously said it uses location data to serve ads and provide location-based services. Apple has said this can be prevented by turning off location services.

The researchers said they haven’t found a similar database on Android phones from Google Inc., but Google has previously said it collects location for things like advertising and to provide traffic statistics on its Google Maps product.

Wireless providers have long collected similar location data, which is important to have for call routing and for billing. But they store the data securely and certainly don’t leave it sitting around on millions of machines.

The researchers said they found the database when looking into how they might make a graphic that displayed mobile data. “At first we weren’t sure how much data was there, but after we dug further and visualized the extracted data, it became clear that there was a scary amount of detail on our movements,” they wrote.

The researchers said Apple hadn’t responded to them about the issue. Mr. Warden worked on desktop software for the company for five years, he said, and “had no contact with anything iPhone related.”

“We’re both big fans of Apple’s products, and take no pleasure in uncovering this issue,” the researchers wrote.